EUVD-2026-26363Lifecycle Timeline
1DescriptionNVD
In the Linux kernel, the following vulnerability has been resolved:
rtnetlink: add missing netlink_ns_capable() check for peer netns
rtnl_newlink() lacks a CAP_NET_ADMIN capability check on the peer network namespace when creating paired devices (veth, vxcan, netkit). This allows an unprivileged user with a user namespace to create interfaces in arbitrary network namespaces, including init_net.
Add a netlink_ns_capable() check for CAP_NET_ADMIN in the peer namespace before allowing device creation to proceed.
Analysis
In the Linux kernel, the following vulnerability has been resolved: rtnetlink: add missing netlink_ns_capable() check for peer netns rtnl_newlink() lacks a CAP_NET_ADMIN capability check on the peer network namespace when creating paired devices (veth, vxcan, netkit). This allows an unprivileged user with a user namespace to create interfaces in arbitrary network namespaces, including init_net. …
Sign in for full analysis, threat intelligence, and remediation guidance.
More from same product – last 7 days
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix slab-use-after-free in __inet_lookup_est
Integer underflow in Linux kernel stmmac network driver allows kernel memory disclosure and potential corruption via cra
Use-after-free in Linux kernel batman-adv (B.A.T.M.A.N. Advanced mesh networking) allows remote network attackers to tri
In the Linux kernel, the following vulnerability has been resolved: batman-adv: reject oversized global TT response buf
In the Linux kernel, the following vulnerability has been resolved: seg6: separate dst_cache for input and output paths
Share
External POC / Exploit Code
Leaving vuln.today